JP5395938B1 - Cooperation service providing system and server device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a linkage service providing system and a server device that prevent linkage of linkage information on a linkage device and enable later auditing / verification on the linkage device.
Upon receiving ciphertext data transmitted from each service device, a cooperating device in the cooperating service providing system of the embodiment re-encrypts the ciphertext data by using a re-encryption key and re-encrypts the ciphertext data. Generate ciphertext data. Further, the re-ciphertext data is transmitted to a service device different from the service device that transmitted the ciphertext data. Each service device transmits, together with the ciphertext data, a request for acquiring the user information of the user stored in another service device and specified by the ID indicated by the ciphertext data to the cooperation device. When receiving the re-ciphertext data transmitted from the cooperation device, the re-ciphertext data is decrypted using the secret key to obtain the ID, and then the user information is read and transmitted to another service device. To do.
[Selection] Figure 1

Description

  Embodiments described herein relate generally to a cooperative service providing system and a server device.

  As a cooperative service provision method for multiple devices to send and receive information to each other and provide one service, a method of directly connecting each device to another device, a common with ID conversion function and log function, etc. There is a method of connecting each device via a bus. Of these two methods, the former method in which each device is directly connected to another device has no point to collect and manage information exchanged between the devices (hereinafter referred to as cooperation information). Therefore, it is difficult to verify / audit the contents of transmission / reception later. For this reason, it is considered desirable to connect the devices via a common bus having the latter ID conversion function and log function.

  In general, an ID for identifying information included in each device is an ID for identifying the same information, but the ID itself is different for each device. The ID conversion function is a function that proves that the ID is an ID for identifying the same information even if the ID itself is different for each apparatus. As a method for realizing the ID conversion function, there are a table reference method and a function method.

  For example, as a cooperation service providing technique to which the table reference method is applied, a table is stored in advance in a cooperation apparatus that cooperates with a plurality of apparatuses, and the plurality of apparatuses are referred to by referring to this table when the apparatuses are associated with each other. There is a cooperation service providing technology that realizes ID cooperation (that is, transmission / reception of cooperation information).

  In addition, as a cooperation service providing technology to which the function method is applied, for example, after the information including the ID transmitted from one of the devices to be cooperated is decrypted once on the cooperation device using the secret information in AES, the other There is a cooperation service providing technology that realizes ID cooperation (that is, transmission / reception of cooperation information) between a plurality of apparatuses by re-converting the apparatus code and transmitting it.

  Furthermore, as a cooperative service providing technology to which a function method is applied, there is a cooperative service providing technology that realizes transmission / reception of cooperative information between devices by using public key cryptography for the cooperative information.

  Here, a technique called Proxy Re-Encryption regarding the public key cryptosystem will be described.

  The basic model of this technique is composed of the following five functions (hereinafter also referred to as algorithms) of key generation, encryption, decryption, re-encryption key generation, and re-encryption. Key generation, encryption, and decryption functions are the same as those of ordinary public key encryption.

(Key generation) KeyGen (1 ^k ) → (pk, sk)
When the security parameter 1 ^k is input, the key generation algorithm KeyGen outputs a set (pk, sk) of the public key pk and the secret key sk.

(Encryption) Enc (pk _A , m) → C _A
Encryption algorithm Enc, when the public key pk _A and the message m of the user A is input, and outputs the ciphertext C _A addressed to user A.

(Decryption) Dec (sk _A , C _A ) → m
The decryption algorithm Dec outputs a message m when the secret key sk _A of the user A and the ciphertext C _A addressed to the user A are input.

(Re-encryption key generation) ReKeyGen (pk _A , sk _A , pk _B , sk _B ) → rk _{A → B}
When the re-encryption key generation algorithm ReKeyGen is inputted with the public key pk _{A of} the user A, the secret key sk _{A of} the user _A , the public key pk _{B of} the user B, and the secret key sk _B of the user B, the re-encryption key rk _{A → B} is output.

(Re-encryption) ReEnc (rk _{A → B} , C _A ) → C _B
Re-encryption algorithm ReEnc includes a re-encryption key rk A _{→ B,} if the ciphertext C _A addressed to user A is inputted, and outputs the ciphertext C _B addressed to the user B.

  The above is the basic model. However, depending on the method of re-encryption, models with different input to functions and models including functions and keys other than the above are also considered.

For example, in the input of the re-encryption key generation algorithm, a model called non-interactive that does not require the user B's secret key sk _B or a user B's secret key sk _A instead of the user B's secret key sk _{A A} model in which the re-encryption key rk _{A → B} addressed to the user and the secret key sk _{C of the} user C are input is also considered.

Also, the ciphertext C _A → C _B can be re-encrypted with the re-encryption key rk _{A → B} , while the reverse ciphertext C _B → C _A cannot be converted, which is called unidirectional. There is also known a model, a model called bidirectional, which can perform reverse conversion. In the bidirectional model, the re-encryption key rk _{A → B} may be expressed as rk _A⇔B .

  Further, among public key cryptosystems, a scheme based on ID-based cryptography is also considered. In this case, the function setup (Setup) for generating the master key is increased, and the master key and ID are added to the input of the key generation algorithm KeyGen. In ID-based encryption, the public key pk is the ID itself.

  Specific examples of the method include a method described in Non-Patent Documents 3 and 4 for a unidirectional model, a method described in Non-Patent Document 5 for a bidirectional model, and a non-patent document 6 for an ID-based encryption. 7 and the like are known. In the embodiment, the method described in Non-Patent Document 8 is referred to.

JP 2006-195791 A

M. Blaze, M. Strauss. Atomic Proxy Cryptography. AT & T Labs Research TR98.5.1, 1997. M. Blaze, G. Bleumer, M. Strauss. Divertible Protocols and Atomic Proxy Cryptography. In Eurocrypt’98, LNCS 1403, pp.127-144, 1998. G. Ateniese, K. Fu, M. Green, S. Hohenberger. Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. In NDSS’05, 2005. B. Libert, D. Vergnaud. Tracing Malicious Proxies in Proxy Re-Encryption. In Pairing 2008, 2008. R. Canetti, S. Hohenberger. Chosen-Ciphertext Secure Proxy Re-Encryption. In ACM CCS’07, 2007. M. Green, G. Ateniese. Identity-Based Proxy Re-encryption. In ACN’07, 2007. T. Matsuo. Proxy Re-encryption Systems for Identity-based Encryption. In Pairing 2007, 2007. Benoit Libert, Damien Vergnaud, “Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption”, Public Key Cryptography 2008, pp. 360-279. G. Ateniese, S. Hohenberger, “Proxy re-signature: new definitions, algorithm, and applications”, ACM Conference on Computer and Communications Security 2005, pp.310-319 A. Menezes, P. van Oorschot, S. Vanstone, “Handbook of Applied Cryptography”, CRC Press, (1996),

  However, with the above-described cooperation service providing technology, the inconvenience that the cooperation information (that is, ID) can be linked on the cooperation apparatus, and the process of exchange of the cooperation information between the apparatuses are performed on the cooperation apparatus. There is a disadvantage that it cannot be audited or verified later.

  The problem to be solved by the present invention is to provide a linkage service providing system and a server device that prevent linkage of linkage information on the linkage device and enable later auditing / verification on the linkage device. is there.

  The cooperative service providing system of the embodiment includes a re-encryption key issuing device, a plurality of service devices that provide various services to the user using an ID issued to identify the user, Are connected to each other so that they can communicate with each other.

  The cooperation apparatus includes a first storage unit, a second storage unit, a first generation unit, a first transmission unit, and a second transmission unit.

  The first storage means stores the re-encryption key issuing device and the public key of each service device.

  The second storage means realizes a re-encryption process that enables decryption using the secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data. Store the re-encryption key.

  When the first generation unit receives the ciphertext data transmitted from each service device, the first generation unit re-encrypts the ciphertext data using the stored re-encryption key and generates re-ciphertext data. To do.

  The first transmission means transmits the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data.

  The second transmission means transmits the stored public key to each service device.

  Each service device includes third storage means, fourth storage means, second generation means, third transmission means, acquisition means, reading means, and fourth transmission means.

  The third storage means stores the issued ID in association with user information indicating user information unique to each service device.

  The fourth storage means stores a secret key of each service device.

  The second generation means encrypts the ID of the user by using the public key of the re-encryption key issuing device transmitted from the cooperation device in accordance with the operation of the user, and performs ciphertext data Is generated.

  The third transmitting means sends a request for acquiring user information of a user stored in another service device together with the generated ciphertext data and specified by an ID indicated by the ciphertext data. It transmits to the said cooperation apparatus.

  Upon receiving the re-ciphertext data transmitted from the cooperation device, the acquisition means decrypts the re-ciphertext data using the stored secret key and acquires the encrypted ID.

  The reading means reads user information corresponding to the acquired ID from the third storage means.

  The fourth transmission unit transmits the read user information to another service device via the cooperation device.

It is a schematic diagram which shows the structural example of the cooperation service provision system which concerns on 1st Embodiment. It is a sequence diagram showing an example of a key generation process according to the embodiment. It is a sequence diagram showing an example of an ID issuing process according to the embodiment. FIG. 6 is a sequence diagram showing an example of a re-encryption key generation process according to the embodiment. It is a sequence diagram which shows an example of the cooperation process which concerns on the same embodiment. It is a sequence diagram which shows an example of the code distribution process which concerns on the modification of 1st Embodiment. It is a sequence diagram which shows an example of the cooperation process which concerns on the modification of 1st Embodiment. It is a schematic diagram which shows the structural example of the cooperation service provision system which concerns on the further modification of 1st Embodiment. It is a sequence diagram which shows an example of the cooperation process which concerns on the further modification of 1st Embodiment. It is a schematic diagram which shows the structural example of the cooperation service provision system which concerns on 2nd Embodiment. It is a sequence diagram which shows an example of the cooperation process which concerns on the same embodiment.

[First Embodiment]
FIG. 1 is a schematic diagram illustrating a configuration example of a cooperative service providing system according to the first embodiment. As shown in FIG. 1, the cooperative service providing system 1 includes a re-encryption key issuing device 10, a cooperative device 20, an ID issuing device 30, and a plurality of service devices S ₁ and S ₂ .

In the present embodiment, it is assumed that there are two service devices for the sake of simplicity of explanation, but the number of service devices is not limited to this. The ID issuing device 30 issues an ID for identifying a user who uses each of the service devices S ₁ and S ₂ and distributes this ID to each of the service devices. ₁ , since information on users who use S ₂ (hereinafter referred to as “user information”) only needs to be stored in association with the ID, this is not necessarily an essential configuration. It does not matter (it may be distributed from outside that is not included in the configuration of this embodiment).

Hereinafter, the devices 10 to 30 _will be specifically described the structure of S 1, _{S 2.}

  The re-encryption key issuing device 10 includes a security parameter storage unit 11, a secret key storage unit 12, a temporary data storage unit 13, a public parameter generation unit 14, an encryption key / re-encryption key generation unit 15, a communication unit 16, and a control. A portion 17 is provided.

  The security parameter storage unit 11 is a storage device that stores security parameters necessary for generating public parameters for key generation. The security parameter is, for example, a threshold value that defines a condition for generating a public parameter.

  The private key storage unit 12 is a private key of the key pair (public key / private key) of the re-encryption key issuing device 10 itself generated by the encryption key / re-encryption key generation unit 15 using the public parameter. Is a storage device.

  The temporary data storage unit 13 is a process of the public key of the own device 10 generated by the encryption key / re-encryption key generation unit 15, the public parameter generation unit 14, and the encryption key / re-encryption key generation unit 15. And a storage device for storing temporary data such as processing results.

  The public parameter generation unit 14 uses a security parameter read from the security parameter storage unit 11 to generate a key generation public parameter, a process in the process of generating the public parameter, and a processing result as a temporary data storage unit 13. With the ability to write to.

The encryption key / re-encryption key generation unit 15 uses the public parameter generated by the public parameter generation unit 14 to generate the key pair of the device 10 and the secret key of the generated key pair It has a function of writing to the key storage unit 12 and writing the public key of the generated key pair to the temporary data storage unit 13. The encryption key / re-encryption key generation unit 15 also includes the secret key of the re-encryption key issuing device 10 read from the secret key storage unit 12 and each service device S ₁ , transmitted from the cooperation device 20 described later. it has a function of generating a re-encryption key by using the public key of S _2, and a function of writing the processing course and the processing result of the processing for generating the re-encryption key in the temporary data storage unit 13.

The communication unit 16 enables communication with the other devices 20, 30, S ₁ and S _2, and includes, for example, public parameters generated by the public parameter generation unit 14, and encryption key / re-encryption key generation. It has a function of transmitting the public key and re-encryption key of its own device 10 generated by the unit 15 to the cooperation device 20. In addition, the communication unit 16 has a function of transmitting various requests from the re-encryption key issuing device 10 to the linkage device 20.

  The control unit 17 has a function of controlling the units 11 to 16.

  The cooperation apparatus 20 includes a public parameter storage unit 21, a public key storage unit 22, a re-encryption key storage unit 23, a temporary data storage unit 24, a re-encryption processing unit 25, a communication unit 26, and a control unit 27.

  The public parameter storage unit 21 is a storage device that stores the public parameters transmitted from the re-encryption key issuing device 10.

The public key storage unit 22 is a storage device that stores public keys transmitted from the re-encryption key issuing device 10 and service devices S ₁ and S ₂ described later.

  The re-encryption key storage unit 23 is a storage device that stores the re-encryption key transmitted from the re-encryption key issuing device 10.

  The temporary data storage unit 24 is a storage device that stores temporary data such as processing results and processing results of the re-encryption processing unit 25.

The re-encryption processing unit 25 uses a re-encryption key read from the re-encryption key storage unit 23 to re-encrypt ciphertext data transmitted from each service device S ₁ , S ₂ , It has a function of writing in the temporary data storage unit 24 during the process of re-encrypting and the processing result. Specifically, the re-encryption processing unit 25 uses the re-encryption key read from the re-encryption key storage unit 23, and the ciphertext data transmitted from _one service device (for example, the service device S ₁ ). Is decrypted into ciphertext data for the other service device (for example, the service device S ₂ ) without decrypting the data into plaintext data (that is, re-ciphertext data is generated).

The communication unit 26 enables communication with the other devices 10, 30, S ₁ , S _2. For example, the public parameter transmitted from the re-encryption key issuing device 10 or the re-encryption key issuing device 10. And a function for writing the public key transmitted from each service device S ₁ , S ₂ and the re-encryption key transmitted from the re-encryption key issuing device 10 to the corresponding storage units 21 to 23, and re-encryption A function of transmitting the re-ciphertext data re-encrypted by the processing unit 25 to each of the service devices S ₁ and S ₂ . The communication unit 26, other devices 10 and _30, in response to a request from the S 1, _{S 2,} has a function of transmitting the public parameter and a public key each device 10 and _30, the S 1, _{S 2.}

  The control unit 27 has a function of controlling the units 21 to 26.

  The ID issuing device 30 includes an ID issuing information storage unit 31, an ID issuing unit 32, a communication unit 33, and a control unit 34.

  The ID issue information storage unit 31 is a storage device that stores the ID issued by the ID issue unit 32.

The ID issuing unit 32 has a function of issuing a unique ID for identifying a user who uses each of the service devices S ₁ and S ₂ and a function of writing the issued ID into the ID issue information storage unit 31. .

The communication unit 33 enables communication with the other devices 10, 20, S ₁ , S _2. For example, the function of distributing the ID issued by the ID issuing unit 32 to the service devices S ₁ , S _2. Have

  The control unit 34 has a function of controlling the units 31 to 33.

Next, specific configurations of the service devices S ₁ and S ₂ will be described. In the following, the configuration of the service device S ₁ will be described as a representative example to simplify the description.

The service device S ₁ includes a user information storage unit S ₁ 1, a secret key storage unit S ₁ 2, a temporary data storage unit S ₁ 3, an encryption processing unit S ₁ 4, a decryption processing unit S ₁ 5, and a service processing unit S. ₁ 6, service cooperation requesting unit _S 1 7, and a communication portion _{S 1} 8 and the control unit _{S 1} 9.

The user information storage unit S ₁ 1 is a storage device that stores an ID distributed from the ID issuing device 30 in association with information (user information) of a user who uses the service device S ₁ .

The secret key storage unit S ₁₂ is a storage device that stores the secret key of the key pair of the own device S ₁ generated by the encryption processing unit S ₁₄ using the public parameter.

Temporary data storage S _{1 3,} the public key of and the own apparatus S ₁ generated by the encryption processing unit S _{1 4,} the encryption processing unit S _{1 4} and the decoding processing unit S _{1 5} of intermediate processing and processing result Is a storage device for storing temporary data.

The encryption processing unit S ₁ 4 generates a key pair of the own device S ₁ using the public parameters transmitted from the cooperation device 20, and the secret key storage unit S ₁ uses the secret key of the generated key pair. 2 and the function of writing the public key of the generated key pair to the temporary data storage unit S ₁₃ . Further, the encryption processing unit S ₁₄ uses the public key of the re-encryption key issuing device 10 transmitted from the cooperation device 20 to use plaintext data (for example, an ID stored in the user information storage unit S ₁₁ ). and generating the encrypted data by the like) for processing encrypted, it has a function of writing the processing course and the processing result of the process of generating the encrypted data in the temporary data storage unit S _{1 3.}

The decryption processing unit S ₁ 5 uses a secret key read from the secret key storage unit S ₁₂ to decrypt the re-ciphertext data transmitted from the cooperation apparatus 20, and during and during the decryption process. the results in the temporary data storage unit S _{1 3} has a function of writing.

Service processing unit S _{1 6,} in response to a request from the user, has the function of providing services.

Service cooperation requesting unit S _{1 7} has a function of requesting the cooperation apparatus 20 via the communication unit S _{1 8} to the effect that want to get the information included in the different service devices.

Communication unit S _{1 8,} the other devices 10 to 30 is intended to enable communication with S _2, for example, user information storage unit S in association the distributed ID from the ID issuing device 30 in the user information ₁₁ has a function of writing to ₁ 1 and a function of transmitting the public key and ciphertext data generated by the encryption processing unit S ₁₄ to the linkage apparatus 20. Further, the communication unit S ₁ 8 has a function of transmitting various requests from the service device S ₁ to the cooperation device 20.

The control unit S ₁ 9 has a function of controlling the units S _{1 1 to} S ₁ 8.

Each service device S ₁ and S ₂ does not share user information with other service devices in order to provide a unique service to the user.

  Next, an example of the operation of the cooperative service providing system 1 configured as described above will be described with reference to the sequence diagrams of FIGS.

  The following operations are executed in the procedure of (1) pre-processing (2) cooperation processing, (1) pre-processing includes (1-1) key generation processing, (1-2) ID issuance processing, (1-3 ) It is executed in the re-encryption key generation processing procedure. However, the pre-processing does not necessarily have to be executed according to the above procedure. For example, the ID issuing process may be executed before the key generating process.

(1) The key generation process is executed by the re-encryption key issuing device 10 and the service devices S ₁ and S ₂ as shown in FIG. 2 and the following steps ST1 to ST21.

First, the public parameter generation unit 14 in the re-encryption key issuing device 10 generates public parameters (p, λ, G, G _T , g, u, v, Sig) (step ST1). Specifically, the public parameter generation unit 14 generates bilinear map groups (G, G _T ) satisfying the prime order p> 2λ based on the security parameter λ stored in the security parameter storage unit 11 in advance. ), Generator g, u, v∈G, one-time signature that satisfies strong forgery

Non-patent document 10 describes the disposable signature. Moreover, G, G _T is a group set defined by elliptic curve, used in the pairing function as shown in the following equation.

Pairing function: e (g ₁ , g ₂ ) = g _T
Where g ₁ , g ₂ ∈ G, g _T ∈ G _T
This pairing function has the following properties.

^{e (g a, g) =} e (g, g a) = e (g, g) a
However, g∈G, a∈Z _p
Subsequently, the communication unit 16, public parameters generated by the public parameter generating unit 14 transmits (p, λ, G, G T, g, u, v, Sig) to the cooperation apparatus 20 (i.e., other devices (Public parameters are disclosed to 20, 30, S ₁ and S ₂ ) (step ST2).

Next, upon receiving the public parameters (p, λ, G, G _T , g, u, v, Sig) transmitted from the re-encryption key issuing device 10, the communication unit 26 in the cooperation device 20 receives this public information. The parameter is written (registered) in the public parameter storage unit 21 (step ST3).

  Subsequently, the communication unit 16 in the re-encryption key issuing device 10 requests the linkage device 20 to distribute public parameters (step ST4).

Next, the communication unit 26 in cooperation apparatus 20 receives a request from the re-encryption key issuing apparatus 10 in step ST4, the public parameter stored in the public parameter storage unit 21 (p, λ, G, G T , G, u, v, Sig) are transmitted to the re-encryption key issuing device 10 (step ST5).

Subsequently, the encryption key / re-encryption key generation unit 15 in the re-encryption key issuing device 10 transmits the public parameters (p, λ, G, G _T , g, u, v, Sig) is received via the communication unit 16, the key pair of the re-encryption key issuing device 10 is generated using this public parameter (step ST6). Specifically, the encryption key / re-encryption key generation unit 15 sets the identification information of the re-encryption key issuing device 10 to i, and the secret key x _i εZ _p ^{* of the} re-encryption key issuing device 10 ^. And the public key of the re-encryption key issuing device 10 using this secret key x _i

Is generated.

Next, the encryption key / re-encryption key generation unit 15 writes the private key x _i of the key pair of the apparatus 10 generated in step ST6 in the secret key storage unit 12, and the generated self apparatus 10 The public key X _i of the key pair is written into the temporary data storage unit 13 (step ST7).

Subsequently, the communication unit 16 transmits the public key X _i in the temporary data storage unit 13 to the cooperation device 20 (that is, the public key X _i is disclosed to the other devices 20, 30, S ₁ and S ₂₎ . (Step ST8).

  Thereafter, upon receiving the public key Xi of the re-encryption key issuing device 10 transmitted from the re-encryption key issuing device 10, the communication unit 26 in the cooperation device 20 writes this public key in the public key storage unit 22. (Register) (step ST9).

Similarly, the service device _{S 1} executes the same processing as step ST4~ST9 also keypair service apparatus _{S 1,} the secret key in the secret key storage unit _{S 1} 2 in the service device _{S 1 x j} And the public key X _j is transmitted to the cooperative device 20 to register the public key X _j of the service device S ₁ in the public key storage unit 22 in the cooperative device 20 (steps ST10 to ST15).

Furthermore, the service device _{S 2} executes the same processing as step ST4~ST9 also keypair service device _{S 2,} writing a secret key _{x k} in the secret key storage unit _{S 2} 2 in the service device _{S 2} with writing, by transmitting the public key _{X k} to the cooperation apparatus 20, the public key storage unit 22 in cooperation apparatus 20 registers the public key _{X k} of the service device _{S 2} (step ST16~ST21).

Thus, the key generation process is completed. Thereafter, each of the devices 10 to 30, S ₁ , and S ₂ can appropriately acquire and use the public parameters and public keys that are disclosed in the public parameter storage unit 21 and the public key storage unit 22 in the cooperation device 20. it can.

  (1-2) The ID issuing process is executed by the ID issuing device 30 as shown in FIG. 3 and the following steps ST31 to ST35.

First, the ID issuing unit 32 in the ID issuing device 30 issues an ID for identifying a user who uses each of the service devices S ₁ and S ₂ , and writes the issued ID in the ID issue information storage unit 31. (Step ST31).

Subsequently, the communication unit 33 distributes the stored ID in the ID issuance information storage unit 31 in the service device _{S 1} (step ST32).

Thereafter, upon receiving the ID distributed from the ID issuing device 30, the communication unit S ₁ 8 in the service device S ₁ writes this ID in the user information storage unit S ₁ 1 in association with the user information. (Step ST33).

Similarly, the communication unit 33 of the ID issuing device 30 performs the same processing as step ST32 to the service device _{S 2} (step ST34), the communication unit _{S 2} 8 in the service device _{S 2,} the step ST33 executes the same processing as in association with ID to the user information written in the user information storage unit _{S 2} 1 (step ST35).

  Thus, the ID issuing process is completed.

(1-3) The re-encryption key generation process is executed by the re-encryption key issuing apparatus 10 as shown in FIG. 4 and the following steps ST41 to ST45. However, here, a description will be given of a process for generating a re-encryption key to convert the encrypted data of the re-encryption key issuing device for 10 to encrypted data of the service device S ₂ for.

First, the communication unit 16 of the re-encryption key issuing apparatus 10 requests to distribute a public key of the public parameters and service device S ₂ with respect to linkage device 20 (step ST41).

Subsequently, upon receiving a request from the re-encryption key issuing device 10 in step ST41, the communication unit 26 in the cooperation device 20 receives public parameters (p, λ, G, G _T) stored in the public parameter storage unit 21. , g, u, v, Sig with), and transmits the public key _{X k} of the stored service device _{S 2} in the public key storage unit 22 to the re-encryption key issuing device 10 (step ST42).

Next, the encryption key / re-encryption key generation unit 15 in the re-encryption key issuing device 10 includes the public parameters (p, λ, G, G _T , g, u, v, Sig) and the service device S _2. public key X _k and a receives via the communication unit 16, by using the secret key x _i of the acquired information and the own apparatus 10 read from the secret key storage unit 12, the re-encryption key issuing apparatus for 10 re-encryption key for converting ciphertext data service device S ₂ for the encrypted data

Is generated (step ST43).

Subsequently, the communication unit 16 transmits the generated re-encryption key R _ik to the cooperation device 20 (step ST44).

Thereafter, upon receiving the re-encryption key R _ik transmitted from the re-encryption key issuing device 10, the communication unit 26 in the cooperation device 20 writes the re-encryption key in the re-encryption key storage unit 23. (Register) (Step ST45).

Thus, the re-encryption key generation process is completed. Here, the re-encryption key for converting the ciphertext data for the re-encryption key issuing device 10 into the ciphertext data for the service device S ₂ is generated. However, the present invention is not limited to this. the re-encryption key for converting the ciphertext data issuing apparatus for 10 of the service device S for ₁ to encrypted data may be generated.

(2) The cooperation process is executed by the cooperation device 20 and the service devices S ₁ and S ₂ as shown in FIG. 5 and the following steps ST51 to ST62.

_First , the communication unit S ₁ 8 in the service device S ₁ requests the cooperation device 20 to distribute the public parameters and the public key of the re-encryption key issuing device 10 in response to a request from the user. (Step ST51).

Subsequently, the communication unit 26 in cooperation apparatus 20, in response to a request from the service device _{S 1} in step ST51, the public parameter stored in the public parameter storage unit 21 (p, λ, G, G T, g, u, v, Sig) and the public key X _{i of} the re-encryption key issuing device 10 stored in the public key storage unit 22 are transmitted to the service device S ₁ (step ST52).

Then, the service encryption processing unit _{S 1} 4 in the apparatus _{S 1} includes public parameters (p, λ, G, G T, g, u, v, Sig) communication and the public key _{X i} section _S 1 8 It receives via reads the ID corresponding to the user in step ST51 from the user information storage unit _{S 1} 1 (step ST53).

Subsequently, the encryption processing unit S ₁₄ generates the ciphertext data by encrypting the ID read from the user information storage unit S ₁₁ using the public key X _i of the re-encryption key issuing device 10. (Step ST54).

Here, as shown in the following steps ST54-1～ST54-4, specifically described encryption processing by the encryption processing unit _{S 1} 4.

First, the encryption processing unit S ₁₄ has a security parameter λ and key pair generation function in the public parameters.

It generates (step ST54-1), and sets the verification key svk the first encrypted data C ₁ (C ₁ = svk).

Also, the encryption processing unit _{S 1} 4, after generating the first random number r ∈ Z _p ^*, based on the first random number r, relative ID∈G _T as plaintext data, a second or less, the 3 and the fourth encrypted data C _2, C _3, to produce a C ₄ (step ST54-2).

Specifically, the encryption processing unit S ₁₄ generates the second encrypted data C ₂ based on the public key X _i of the re-encryption key issuing device 10 and the first random number r. In addition, the encryption processing unit S ₁₄ generates the third encrypted data C ₃ by a pairing function based on the generation source g in the public parameter, the first random number r, and the ID. Further, the encryption processing unit S ₁₄ generates the fourth encrypted data C ₄ based on the generation sources u and v in the public parameter, the generated verification key svk, and the first random number r.

After step ST54-2, the encryption processing unit _{S 1} 4, compared third and fourth encrypted data C _3, C _4, the signature generation function in public parameter

Thereafter, the encryption processing unit S ₁₄ receives the ciphertext data C _i = (C ₁ , C ₂ , C ₃ , C) including the _{first to} fourth encrypted data C _{1 to} C ₄ and the disposable signature σ. ₄ , σ) is generated, and the obtained ciphertext data is written in the temporary data storage unit S ₁₃ (step ST54-4).

  As described above, ciphertext data is generated by completing the processes of steps ST54-1 to ST54-4.

After step ST54, service cooperation requesting unit S _{1 7,} using the encrypted data generated by the encryption processing unit S _{1 4,} via the communication unit S _{1 8} to acquire information service device S _2's Request to the cooperation device 20 (step ST55).

Then, re-encryption processing unit 25 in cooperation apparatus 20, the request and the encrypted data from the service device S ₁ in step ST55 receives via the communication unit 26, the pre-re-encryption key storage unit 23 The ciphertext data is re-encrypted using the stored re-encryption key R _ik (step ST56).

  Here, as shown in the following steps ST56-1 to ST56-3, the re-encryption processing by the re-encryption processing unit 25 will be specifically described.

First, the re-encryption processing unit 25 verifies the ciphertext data C _ki using the public parameter and the following verification expression (step ST56-1). Here, if two verification formulas are satisfied, the verification is successful, and if any one verification formula is not satisfied, the verification fails.

If the re-encryption processing unit 25 succeeds in the verification, the re-encryption processing unit 25 generates the second random number tεZ _p ^* , and the first, second, and third re-encrypted data C ₂ ^′ , C ₂ as shown in the following equation. ^'' , C ₂ ^''' is generated (step ST56-2).

Specifically, in step ST56-2, the re-encryption processing unit 25 determines the first re-encrypted data C ₂ ^' based on the public key X _i of the re-encryption key issuing device 10 and the second random number t. Is generated. Further, the re-encryption processing unit 25 generates second re-encrypted data C ₂ ^″ based on the re-encryption key R _ik and the second random number t. Further, the re-encryption processing unit 25 generates the third re-encrypted data C ₂ ^{″ ″} based on the second encrypted data C ₂ and the second random number t.

After the end of step ST56-2, the re-encryption processing unit 25 converts the first to third re-encrypted data C ₂ ^'to C ₂ ^''' into the second encrypted data C _i in the ciphertext data C _i . ₂ to generate reciphertext data C _k = (C ₁ , C ₂ ^′ , C ₂ ^″ , C ₂ ^{′ ″} , C ₃ , C ₄ , σ), and the obtained re-ciphertext data Is written in the temporary data storage unit 24 (step ST56-3).

  As described above, re-ciphertext data is generated by completing the processing of steps ST56-1 to ST56-3.

After step ST56, the communication unit 26 transmits the re-encrypted data C _k generated in the service device S ₂ (step ST57), the acquisition of information service device S ₂ with the re-encrypted data's Request.

Subsequently, the service apparatus decoding section S _{2 5} in S _2, when the re-encrypted data C _k transmitted from the linkage device 20 receives via the communication unit S _{2 8,} in advance secret key storage unit S ₁ 2 using the private key x _k stored in decrypting the re-encrypted data, to acquire the ID (step ST58).

Here, as shown in the following steps ST58-1～ST58-2, specifically described decoding processing by the decoding processing unit _{S 2} 5.

First, the decoding processing unit _{S 2} 5 uses the public parameters and the self-device public key _{X k} and the next verification equation of _{S 2,} verifies the re-encrypted data _{C k} (step ST58-1). Here, if three verification expressions are satisfied, the verification is successful, and if any one verification expression is not satisfied, the verification fails.

Decoding section _{S 2} 5 succeeds in verification, based on the secret key _{x k} of the apparatus _{S 2,} as shown in the following equation, decodes the ID from the re-encrypted data _{C k} (step ST58-2) .

  As described above, the ID is acquired by completing the processes of steps ST58-1 to ST58-2.

After step ST58, the service processing unit _{S 2} 6 in the service device _{S 2} reads the user information corresponding to the decoded ID by decoding section _{S 2} 5 from the user information storage unit _{S 2} 1 (step ST59 ).

Next, the communication unit _{S 2} 8 sends the user information read out by the service processing unit _{S 2} 6 to the cooperation device 20 as linkage information (step ST60).

Subsequently, the communication unit 26 in cooperation apparatus 20, when receiving the link information transmitted from the service device S _2, and transmits the link information to the service device S ₁ (step ST61).

Thereafter, the communication unit S ₁ 8 in the service device S ₁ receives the cooperation information transmitted from the cooperation device 20. Thus the service device _{S 1} acquires the link information (step ST62).

According to the first embodiment described above, the linkage device 20 including a re-encryption processing unit 25, the encryption processing unit _S 1 _{4, S} 2 4, decoding section _S 1 5, _{S 2} 5 and service linkage With the configuration including a plurality of service devices S ₁ and S ₂ including the request units S ₁ 7 and S ₂ 7, the linkage device 20 can receive an ID in the process of exchange of linkage information between the service devices S ₁ and S _2. Can not be associated with each other, it is possible to improve the security for linked information.

Further, by using the information re-encryption key issuing device 10 and the linkage device 20 has (i.e., without requiring confidential information of each service device S _1, S _2), between the respective service devices S _1, S ₂ It is possible to audit / verify later the process of exchange of cooperation information.

In the present embodiment, the IDs stored in the user information storage units S ₁ 1 and S ₂ 1 in the service devices S ₁ and S ₂ are encrypted using the re-encryption method. However, the present invention is not limited to this. Instead, for example, after encrypting the ID using the common encryption method, a hybrid encryption that encrypts the common key using the re-encryption method may be applied.

[Modification]
Below, the modification of 1st Embodiment is demonstrated using the sequence diagram of FIG. 6, FIG. In this modification, a code generated from the user ID issued by the ID issuing device 30 (the code before distribution corresponds to the first code in claim 2) is distributed to each service device S ₁ , S ₂ . Thus, the cooperation process is executed using this code. Since (1-1) key generation processing and (1-3) re-encryption key generation processing are the same as those in the first embodiment described above, detailed description thereof is omitted here.

  Hereinafter, (1-2 ′) code distribution processing and (2 ′) cooperation processing different from those of the first embodiment described above will be described.

(1-2 ′) The code distribution process is executed by the linkage device 20, the ID issuing device 30, and the service devices S ₁ and S ₂ as shown in FIG. 6 and the following steps ST71 to ST79.

First, the ID issuing unit 32 in the ID issuing device 30 issues an ID for identifying a user who uses each of the service devices S ₁ and S ₂ , and writes the issued ID in the ID issue information storage unit 31. (Step ST71).

  Subsequently, the communication unit 33 requests the cooperation device 20 to distribute the public key of the re-encryption key issuing device 10 (step ST72).

Next, when receiving the request from the ID issuing device 30 in step ST72, the communication unit 26 in the cooperation device 20 IDs the public key X _i of the re-encryption key issuing device 10 stored in the public key storage unit 22. It transmits to the issuing apparatus 30 (step ST73).

Subsequently, when the ID issuing unit 32 in the ID issuing device 30 receives the public key X _i of the re-encryption key issuing device 10 transmitted from the cooperation device 20 via the communication unit 33, it uses this public key. After the ID stored in the ID issue information storage unit 31 is encrypted to generate the first code for the service device S ₁ (the first code in claim 2), the generated first code and the first code are generated. Various parameters (hereinafter referred to as first parameters) used when generating the ID are written in the ID issue information storage unit 31 (step ST74). The process of step ST74 is executed for all the IDs stored in the ID issue information storage unit 31.

Next, the communication unit 33 transmits a and the first parameter plurality of first code stored in the ID issuance information storage unit 31 in the service device _{S 1} (step ST75).

Thereafter, when the communication unit S ₁ 8 in the service device S ₁ receives the first code and the first parameter transmitted from the ID issuing device 30, the communication unit S ₁ 8 associates them with the user information and stores the user information storage unit. Write to S ₁ 1 (step ST76).

Similarly, ID issuing unit 32 of the ID issuing device 30 executes the same processing as step ST74~ST76 also service device _{S 2} for the second code (first code in the claims 2), after generating the second code, and transmits various parameters used when this second code generates the second code (hereinafter, a second parameter representation) and the service unit S _2. Thereafter, the communication unit S _{2 8} in the service device S _2, when receiving the second code and the second parameter transmitted from the ID issuing device 30, user information storage unit in association with these in the user information S ₂ Write to 1 (steps ST77 to ST79).

  This completes the code distribution process.

(2 ′) The cooperation process is executed by the cooperation device 20 and the service devices S ₁ and S ₂ as shown in FIG. 7 and the following steps ST81 to ST93.

First, in response to a request from the user, the encryption processing unit S ₁ 4 in the service device S ₁ sends the first code associated with the user information of the user to the user information storage unit S _1. 1 (step ST81).

Subsequently, the service cooperation requesting unit S _{1 7,} using the first code read by the encryption processing unit S _{1 4,} via the communication unit S _{1 8} to acquire information service device S _2's A request is made to the cooperation apparatus 20 (step ST82).

Then, re-encryption processing unit 25 in the linking apparatus 20 includes a request and the first code from the service apparatus S ₁ in step ST82 receives via the communication unit 26, the pre-re-encryption key storage unit 23 The first code is re-encrypted using the stored re-encryption key R _ik (ie, re-ciphertext data is generated) (step ST83).

Subsequently, the communication unit 26 transmits the re-encrypted data generated in the service device S ₂ (step ST 84), the service device S ₂ requests the acquisition of the information held by using the re-encrypted data.

Then, the service device decoding section S _{2 5} in the S ₂ receives via the communication unit S _{2 8} re encrypted data sent from the cooperation apparatus 20, in advance secret key storage unit S _{2 2} in the storage decrypting the re-encrypted data, and acquires an ID using the secret key _{x k} that (step ST85).

Subsequently, the communication unit _{S 2} 8 requests to distribute a public key of re-encryption key issuing device 10 with respect to linkage device 20 (step ST86).

Next, the communication unit 26 in cooperation apparatus 20 receives a request from the service device S ₂ in step ST86, the public key X _i of the re-encryption key issuing device 10 stored in the public key storage unit 22 the service and it transmits to the device _{S 2} (step ST87).

Subsequently, the encryption processing section S _{2 4} in the service device S ₂ receives via the communication unit S _{2 8} the public key X _i of the re-encryption key issuing device 10 transmitted from the linkage device 20, the by using the second parameter stored in advance in the user information storage unit S _{2 1} and the public key, and encrypting the the ID decoded in step ST85, the 2'code (claims service device S ₂ for 2 (second code in 2) is generated (step ST88).

Next, the service processor S _{2 6} includes a 2'nd code generated, by comparing the second code read there is stored in advance in the user information storage unit S _{2 1,} the user from the matching code Is identified (step ST89).

Subsequently, the service processing unit S _{2 6} are written in the user information storage unit S _{2 1} associates the 2'nd code generated by the user information and the encryption processing section S _{2 4} of the identified user (Step ST90).

Next, the communication unit _{S 2} 8 sends the user information stored in user information storage unit _{S 2} 1 by the service processing unit _{S 2} 6 to the cooperation device 20 as linkage information (step ST 91).

Subsequently, the communication unit 26 in cooperation apparatus 20, when receiving the link information transmitted from the service device S _2, and transmits the link information to the service device S ₁ (step ST92).

Thereafter, the communication unit S ₁ 8 in the service device S ₁ receives the cooperation information transmitted from the cooperation device 20. Thus, the service device _{S 1} acquires the link information (step ST93).

According to the modification of the first embodiment described above, as in the first embodiment described above, the cooperation device 20 including the re-encryption processing unit 25 and the encryption processing units S ₁₄ and S ₂ 4. , decoding processing section _S 1 5, _{S 2} 5 and service cooperation requesting unit _S 1 7, _{S 2} 7 by the configuration and a plurality of service devices _S 1, _{S 2} containing, linkage device 20 each service device _{S 1} , S ₂ , since the ID cannot be associated in the process of exchanging the cooperation information, it is possible to improve the security for the cooperation information.

Further, by using the information re-encryption key issuing device 10 and the linkage device 20 has (i.e., without requiring confidential information of each service device S _1, S _2), between the respective service devices S _1, S ₂ It is possible to audit / verify later the process of exchange of cooperation information.

  As a further modification of the first actual form, it is also possible to apply a cooperative service providing system configured as shown in FIG. This configuration is a simplification of the configuration shown in FIG. 1 described above, and can operate as shown in FIG. 9, for example.

  By simplifying the configuration in this way, the system cost required to realize the cooperative service providing system can be reduced, although there are some disadvantages when auditing is performed on the cooperative apparatus 20.

[Second Embodiment]
FIG. 10 is a schematic diagram illustrating a configuration example of the cooperative service providing system according to the second embodiment. This cooperative service providing system 1 ′ is different from the above-described first embodiment, and is included in the cooperative service providing system 1. The configuration is such that the ID issuing device 30 is excluded. This embodiment is a modification of the first embodiment described above, in terms of mechanism to work in between the respective service devices S _1, S ₂ is already present, when the cooperative processing, the service apparatus S ₁ , S ₂ protects data exchanged. Further, the cooperation information storage units S _{1 1} ′ and S _{2 1} ′ in the service devices S ₁ and S ₂ are different from the user information storage units S ₁ 1 and S ₂ 1 of the first embodiment described above. The link information (corresponding to the user information of the first embodiment) may be stored in association with the user, and the ID for identifying the user may not necessarily be stored.

  Hereinafter, (2 ″) cooperation processing different from the above-described first embodiment will be described.

(2 ″) Cooperation processing is executed by the cooperation device 20 and the service devices S ₁ and S ₂ as shown in FIG. 11 and the following steps ST101 to ST113.

First, service cooperation requesting unit S _{1 7} in the service device S ₁ in response to a request from the user, the service device S ₂ via the communication unit S _{1 8} to acquire information held by the cooperation apparatus 20 The request is made (step ST101).

Subsequently, the communication unit 26 in cooperation apparatus 20 receives a request from the service device S ₁ in step ST 101, for example, using conventional techniques, the cooperative processing to link between the service device S _1, S ₂ Execute (step ST102).

Next, the communication unit 26 transmits the request from the service device _{S 1} in step ST102 to the service device _{S 2} (step ST 103).

Subsequently, the communication unit S _{2 8} in the service device S ₂ receives the request for transmission service device S ₁ from the cooperation apparatus 20, coordinating linkage information corresponding to the user at step ST101 information storage unit S ₂ Read from 1 '(step ST104).

Next, the communication unit _{S 2} 8 requests to distribute a public key of re-encryption key issuing device 10 with respect to linkage device 20 (step ST105).

Subsequently, the communication unit 26 in cooperation apparatus 20 receives a request transmitted from the service device S ₂ in step ST105, the public key X _i of the re-encryption key issuing device 10 which is stored in the public key storage unit 22 and it transmits to the service system _{S 2} (step ST 106).

Next, the encryption processing section S _{2 4} in the service device S ₂ receives via the communication unit S _{2 8} the public key X _i of the re-encryption key issuing device 10 transmitted from the linkage device 20, the Using the public key, the cooperation information read in step ST104 is encrypted to generate ciphertext data (step ST107).

Subsequently, the communication unit _{S 2} 8 transmits the generated ciphertext data to the cooperation apparatus 20 (step ST 108).

Next, when the communication unit 26 in the cooperation device 20 receives the ciphertext data transmitted from the service device S ₂ , the cooperation processing for linking the service devices S ₁ and S _{2 in the same} manner as in step ST102. Is executed (step ST109).

Subsequently, the re-encryption processing unit 25 re-encrypts the ciphertext data received by the communication unit 26 using the re-encryption key R _ij stored in the re-encryption key storage unit 23 in advance. Statement data is generated (step ST110).

Next, the communication unit 26 transmits the re-encrypted data generated by the re-encryption processing unit 25 to the service device _{S 1} (step ST111).

Subsequently, the service decoding section S _{1 5} in the apparatus S ₁ receives via the communication unit S _{1 8} re encrypted data sent from the cooperation apparatus 20, in advance secret key storage unit S _{1 2} in the storage decrypting the re-encrypted data using the private key _{x j} of the (step ST 112).

Thereafter, the service device _{S 1} obtains binding information (step ST113).

According to the second embodiment described above, the cooperation device 20 including the re-encryption processing unit 25, the cooperation information storage units S _{1 1} ′ and S ₂ 1 ′, and the encryption processing units S ₁ 4 and S ₂ 4. , decoding processing section _S 1 5, _{S 2} 5 and service cooperation requesting unit _S 1 7, _{S 2} 7 by the configuration and a plurality of service devices _S 1, _{S 2} containing, linkage device 20 each service device _{S 1} , S ₂ cannot be linked in the process of exchange of the linkage information, and since the linkage information is encrypted in each service device S ₁ , S ₂ , security for the linkage information is increased. It can be improved further.

Further, by using the information re-encryption key issuing device 10 and the linkage device 20 has (i.e., without requiring confidential information of each service device S _1, S _2), between the respective service devices S _1, S ₂ The process of exchanging linkage information can be audited later.

In this embodiment, the cooperation information stored in the cooperation information storage units S _{1 1} ′ and S _{2 1} ′ in the service devices S ₁ and S ₂ is encrypted using the re-encryption method. However, the present invention is not limited thereto, and for example, a hybrid cipher that encrypts the common information using the common encryption method and then encrypts the common key using the re-encryption method may be applied.

According to at least one of the embodiments described above, the linkage device 20 including a re-encryption processing unit 25, the encryption processing unit _S 1 _{4, S} 2 _4, decoding section _S 1 5, _{S 2} 5 and service linkage With the configuration including a plurality of service devices S ₁ and S ₂ including request units S ₁ 7 and S ₂ 7, linkage of linkage information on the linkage device is prevented, and audit / Verification can be possible.

  Note that the methods described in the above embodiments are, as programs that can be executed by a computer, magnetic disks (floppy (registered trademark) disks, hard disks, etc.), optical disks (CD-ROMs, DVDs, etc.), magneto-optical disks. (MO), stored in a storage medium such as a semiconductor memory, and distributed.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Furthermore, the storage medium in each embodiment is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in each of the above embodiments is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  Note that the computer in each embodiment executes each process in each of the above embodiments based on a program stored in a storage medium. Any configuration of the system or the like may be used.

  In addition, the computer in each embodiment is not limited to a personal computer, and includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. Yes.

  In addition, although some embodiment of this invention was described, these embodiment is shown as an example and is not intending limiting the range of invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

DESCRIPTION OF SYMBOLS 1,1 '... Cooperation service provision system, 10 ... Re-encryption key issuing device, 11 ... Security parameter storage part, 12 ... Secret key storage part, 13 ... Temporary data storage part, 14 ... Public parameter generation part, 15 ... Encryption Encryption key / re-encryption key generation unit, 16 ... communication unit, 17 ... control unit, 20 ... cooperation device, 21 ... public parameter storage unit, 22 ... public key storage unit, 23 ... re-encryption key storage unit, 24 ... Temporary data storage unit 25 ... Re-encryption processing unit 26 ... Communication unit 27 ... Control unit 30 ... ID issuing device 31 ... ID issuing information storage unit 32 ... ID issuing unit 33 ... Communication unit 34 ... Control unit, S ₁ , S ₂ ... service device, S ₁ 1, S ₂ 1 ... user information storage unit, S _{1 1} ', S ₂ 1' ... cooperation information storage unit, S ₁ 2, S ₂ 2 ... secret Key storage unit, S ₁ 3, S ₂ 3... Temporary data storage unit, S ₁ 4 S ₂ 4 ... encryption _{unit, S 1 5, S 2 5} ... decoding _{unit, S 1 6, S 2 6} ... service processing _{unit, S 1 7, S 2 7} ... service cooperation requesting _{unit, S} 1 8, S ₂ 8 ... communication unit, S ₁ 9, S ₂ 9 ... control unit.

Claims (5)

A re-encryption key issuing device, a plurality of service devices that provide various services to the user using an ID issued to identify the user, and a cooperation device that links the plurality of service devices Is a collaborative service providing system that is communicably connected,
The cooperation device
First storage means for storing the re-encryption key issuing device and the public key of each service device;
Stores a re-encryption key for realizing a re-encryption process that enables decryption using a secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data Second storage means;
Upon receiving the ciphertext data transmitted from each service device, first generation means for re-encrypting the ciphertext data using the stored re-encryption key to generate re-ciphertext data;
First transmitting means for transmitting the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data;
Second transmission means for transmitting the stored public key to each service device;
Each service device is
Third storage means for storing the issued ID in association with user information indicating user information specific to each service device;
Fourth storage means for storing a secret key of each service device;
Ciphertext data in which the ID of the user generated by using the public key of the re-encryption key issuing device stored in the first storage means in the cooperation device is encrypted according to the user's operation And a third transmission means for transmitting a request to the user to obtain user information of a user stored in another service device and specified by the ID indicated by the ciphertext data, to the cooperation device;
Upon receiving the re-ciphertext data transmitted from the cooperation device, an acquisition unit that decrypts the re-ciphertext data using the stored secret key and obtains the encrypted ID;
Reading means for reading user information corresponding to the acquired ID from the third storage means;
A service cooperation providing system comprising: fourth transmission means for transmitting the read user information to another service device via the cooperation device. A re-encryption key issuing device, a plurality of service devices that provide various services to the user using an ID issued to identify the user, and a cooperation device that links the plurality of service devices Is a collaborative service providing system that is communicably connected,
The cooperation device
First storage means for storing the re-encryption key issuing device and the public key of each service device;
Stores a re-encryption key for realizing a re-encryption process that enables decryption using a secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data Second storage means;
Upon receiving the ciphertext data transmitted from each service device, first generation means for re-encrypting the ciphertext data using the stored re-encryption key to generate re-ciphertext data;
First transmitting means for transmitting the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data;
Second transmission means for transmitting the stored public key to each service device;
Each service device is
A third ID stored in association with user information indicating user information unique to each service device, which is the issued ID and associated with the first code unique to the service device; Storage means;
Fourth storage means for storing a secret key of each service device;
In response to the user's operation, the ID of the user generated using the public key of the re-encryption key issuing device stored in the first storage means in the cooperation device and the first associated with the ID. A request for acquiring user information of a user that is stored in another service device together with the encrypted text data in which one code is encrypted and that is specified by the ID indicated by the encrypted text data. A third transmission means for transmitting to
Upon receiving the re-ciphertext data transmitted from the cooperation device, an acquisition unit that decrypts the re-ciphertext data using the stored secret key and obtains the encrypted ID;
Encryption / generation means for encrypting the decrypted ID to generate a second code;
Reading means for reading user information corresponding to the first code from the third storage means;
A means for comparing the first code and the second code to identify the user information;
A service cooperation providing system comprising: fourth transmission means for transmitting the read user information to another service device via the cooperation device. A re-encryption key issuing device, a plurality of service devices that provide various services to the user using an ID issued to identify the user, and a cooperation device that links the plurality of service devices Are connected so as to be communicable, and each service device stores the issued ID in association with user information indicating user information specific to each service device; and Using the second storage means for storing the secret key and the public key of the re-encryption key issuing device transmitted from the cooperation device in accordance with the operation of the user, the ID of the user is encrypted. First generating means for generating ciphertext data, and user information of the user that is stored in another service device together with the generated ciphertext data and specified by the ID indicated by the ciphertext data Upon receiving the first transmission means for transmitting a request for acquisition to the cooperation device and the re-ciphertext data transmitted from the cooperation device, the re-ciphertext data is decrypted using the stored secret key. Obtaining means for obtaining the encrypted ID; reading means for reading user information corresponding to the obtained ID from the first storage means; and A server device in the cooperative service providing system comprising a second transmitting means for transmitting to another service device via
The server device
Third storage means for storing the re-encryption key issuing device and the public key of each service device;
Stores a re-encryption key for realizing a re-encryption process that enables decryption using a secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data A fourth storage means;
Receiving the ciphertext data transmitted from each service device, a second generation means for re-encrypting the ciphertext data using the stored re-encryption key and generating re-ciphertext data;
Third transmission means for transmitting the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data;
A server device comprising: fourth transmission means for transmitting the stored public key to each service device. A re-encryption key issuing device, a plurality of service devices that provide various services to a user, and a cooperation service providing system in which a cooperation device that links these plurality of service devices is communicably connected,
The cooperation device
First storage means for storing the re-encryption key issuing device and the public key of each service device;
Stores a re-encryption key for realizing a re-encryption process that enables decryption using a secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data Second storage means;
Upon receiving the ciphertext data transmitted from each service device, first generation means for re-encrypting the ciphertext data using the stored re-encryption key to generate re-ciphertext data;
First transmitting means for transmitting the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data;
Second transmission means for transmitting the stored public key to each service device;
Each service device is
Third storage means for storing link information to be linked between the service devices in association with the user;
Fourth storage means for storing a secret key of each service device;
In response to the user's operation, using the public key of the re-encryption key issuing device transmitted from the cooperation device, the cooperation information associated with the user is encrypted to generate ciphertext data. Second generating means for
Third transmission means for transmitting the generated ciphertext data to the cooperation device;
And receiving means for receiving the re-ciphertext data transmitted from the cooperation device, decrypting the re-ciphertext data using the stored secret key, and acquiring the encrypted cooperation information. A collaborative service providing system characterized by A re-encryption key issuing device, a plurality of service devices that provide various services to a user, and a cooperation device that links the plurality of service devices are connected to be able to communicate with each other, In accordance with the operation of the user, a first storage unit that stores association information to be linked between service devices in association with the user, a second storage unit that stores a secret key of each service device, and First generation means for generating ciphertext data by encrypting the cooperation information associated with the user using the public key of the re-encryption key issuing apparatus transmitted from the cooperation apparatus; When receiving the re-ciphertext data transmitted from the cooperation device, the first transmission means for transmitting the ciphertext data to the cooperation device, and decrypting the re-ciphertext data using the stored secret key, The dark The server apparatus cooperative service providing system provided with an acquisition unit that acquires reduction has been cooperation information,
The server device
Third storage means for storing the re-encryption key issuing device and the public key of each service device;
Stores a re-encryption key for realizing a re-encryption process that enables decryption using a secret key of another service device without decrypting the ciphertext data transmitted from each service device into plaintext data A fourth storage means;
Receiving the ciphertext data transmitted from each service device, a second generation means for re-encrypting the ciphertext data using the stored re-encryption key and generating re-ciphertext data;
Third transmission means for transmitting the generated re-ciphertext data to a service device different from the service device that transmitted the ciphertext data;
A server device comprising: fourth transmission means for transmitting the stored public key to each service device.

Images